CVE-2020-11896
published 2020-06-17CVE-2020-11896: The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
PriorityP276critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
36.96%
98.3th percentile
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| treck | tcp_ip | < 6.0.1.66 | 6.0.1.66 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts targeting CVE-2020-11896 by monitoring for malformed/specially crafted IP packets exploiting IPv4 tunneling length parameter inconsistencies in Treck TCP/IP stack implementations (versions before 6.0.1.66). ↗
- →The vulnerability is exploitable from an adjacent network (AV:A), not remotely over the internet — scope detection to local network segments hosting affected devices (SIMATIC RTLS4030G, RTLS4430G, or any Treck stack device). ↗
- →Flag anomalous IP packet length field inconsistencies (e.g., mismatched inner/outer header lengths in IPv4-in-IPv4 tunneled traffic) as a primary network-layer indicator of Ripple20/CVE-2020-11896 exploitation attempts. ↗
- →Cisco Bug ID CSCvu68945 is associated with CVE-2020-11896 in Cisco products; use this identifier when querying Cisco PSIRT or internal ticketing for affected asset inventory. ↗
- ·Attack complexity is HIGH (AC:H) and the attack vector is adjacent network only (AV:A) — exploitation requires the attacker to be on the same network segment as the target device, limiting remote internet-based exploitation. ↗
- ·No fix is planned for affected Siemens SIMATIC RTLS Gateway products (RTLS4030G and RTLS4430G, all versions); detection and network segmentation are the primary mitigations. ↗
- ·No known public exploitation specifically targeting CVE-2020-11896 had been reported to CISA at time of advisory publication (February 2024). ↗
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Treck TCP/IP Stack (Update I)
cisa_ics·2024-09-19·CVSS 10.0
[CRITICAL] Treck TCP/IP Stack (Update I)
ICS Advisory
##
Treck TCP/IP Stack (Update I)
Last RevisedSeptember 19, 2024
Alert CodeICSA-20-168-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Treck Inc.
- Equipment: TCP/IP
- Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control
CISA is aware of a public report, known as "Ripple20" that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify
CISA ICS
Siemens SIMATIC RTLS Gateways
cisa_ics·2024-02-15·CVSS 10.0
[CRITICAL] Siemens SIMATIC RTLS Gateways
ICS Advisory
##
Siemens SIMATIC RTLS Gateways
Release DateFebruary 15, 2024
Alert CodeICSA-24-046-03
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.7
- ATTENTION: Exploitable from adjacent network
- Vendor: Siemens
- Equipment: SIMATIC RTLS Gateway RTLS4030G, SIMATIC RTLS Gateway RTLS4430G
- Vulnerability: Improper Handling of Length Parameter Inconsistency
## 2. RISK EVALUATION
The Treck TCP/IP stack on affected devices improperly handles length
Palo Alto
PAN
vendor_paloalto·2020-07-08·CVSS 9.8
CVE-2013-7459 [CRITICAL] PAN
PAN
The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful
CVEs: CVE-2013-7459, CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-16402, CVE-2020-11022, CVE-2020-11023, CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914
Affected products: PAN-OS
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
vendor_cisco·2020-06-17
CVE-2020-11896 [CRITICAL] CWE-20 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure, depending on the specific vulnerability.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
vendor_cisco
CVE-2020-11896 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
CVE-2020-11896: Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure, depending on the specific vulnerability. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
CWE: CWE-20, CWE-20
Bug IDs: CSCvu68945, CSCvu68945, CSCvu68945, CSCvu68945
GHSA
GHSA-hwgx-cxhm-g3q3: The Treck TCP/IP stack before 6
ghsa_unreviewed·2022-05-24
CVE-2020-11896 [HIGH] CWE-20 GHSA-hwgx-cxhm-g3q3: The Treck TCP/IP stack before 6
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
No detection rules found.
No public exploits indexed.
Tenable
Cybersecurity Snapshot: 6 Things That Matter Right Now
blogs_tenable·2022-07-15
Cybersecurity Snapshot: 6 Things That Matter Right Now
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Securing Critical Infrastructure: What We've Learned from Recent Incidents
blogs_tenable·2022-07-14
Securing Critical Infrastructure: What We've Learned from Recent Incidents
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Unit42
Risks in IoT Supply Chain
blogs_unit42·2020-10-26
Risks in IoT Supply Chain
## Executive Summary
The COVID-19 pandemic has accelerated the adoption of IoT devices. As businesses slowly reopen during the pandemic, contactless IoT devices such as point of sale (POS) terminals and body temperature cameras have been widely adopted to keep business operations safe. Palo Alto Networks research shows 89% of IT decision-makers globally reported that the number of IoT devices on their organization's network increased over the last year, with more than a third (35%) reporting a significant increase. Additionally, International Data Corporation (IDC) estimates that there will be 41.6 billion connected IoT devices in 2025.
However, this trend increases the attack surface, which is likely to attract more attacks and exploits targeting IoT devices and IoT supply chains. Here,
Qualys
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack | Qualys
blogs_qualys·2020-06-24·CVSS 10.0
[CRITICAL] Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack | Qualys
#### Table of Contents
- Ripple20Vulnerabilities
- Detecting Treck IP Stack Vulnerabilities with Qualys VM
- Qualys Threat Protection
- Workaround
Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20.
## Ripple20Vulnerabilities
Ripple20 is a set of 19 vulnerabilities that affects hundreds of devices (or more) and include multiple remote code execution vulnerabilities.
Four of the Ripple20 vulnerabilities are critical (CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11901 ), with CVSS scores over 9 and enable Remote Code Execution. One of the critical vulnera
Qualys
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
blogs_qualys·2020-06-24·CVSS 10.0
[CRITICAL] Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
## Table of Contents
Ripple20Vulnerabilities
Detecting Treck IP Stack Vulnerabilities with Qualys VM
Qualys Threat Protection
Workaround
Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20 .
## Ripple20 Vulnerabilities
Ripple20 is a set of 19 vulnerabilities that affects hundreds of devices (or more) and include multiple remote code execution vulnerabilities.
Four of the Ripple20 vulnerabilities are critical (CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11901 ), with CVSS scores over 9 and enable Remote Code Execution. One of the critical vulnerabilit
Tenable
CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed
blogs_tenable·2020-06-16·CVSS 10.0
[CRITICAL] CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txthttps://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdfhttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_ushttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txthttps://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdfhttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_ushttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.com
2020-06-17
Published